Message ID | 20210104192602.10131-7-nramas@linux.microsoft.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | Carry forward IMA measurement log on kexec on ARM64 | expand |
Hi Lakshmi, On Mon, 2021-01-04 at 11:26 -0800, Lakshmi Ramasubramanian wrote: > Address and size of the buffer containing the IMA measurement log need > to be passed from the current kernel to the next kernel on kexec. > > Any existing "linux,ima-kexec-buffer" property in the device tree > needs to be removed and its corresponding memory reservation in > the currently running kernel needs to be freed. The address and > size of the current kernel's IMA measurement log need to be added > to the device tree's IMA kexec buffer node and memory for the buffer > needs to be reserved for the log to be carried over to the next kernel > on the kexec call. > > Add address and size fields to "struct kimage_arch" for ARM64 platform > to hold the address and size of the IMA measurement log buffer. Remove > any existing "linux,ima-kexec-buffer" property in the device tree and > free the corresponding memory reservation in the currently running > kernel. Add "linux,ima-kexec-buffer" property to the device tree and > reserve the memory for storing the IMA log that needs to be passed from > the current kernel to the next one. > > Update CONFIG_KEXEC_FILE to select CONFIG_HAVE_IMA_KEXEC to indicate > that the IMA measurement log information is present in the device tree > for ARM64. Perhaps for some previous version of this patch set, this patch description was appropriate, but for the code below it's kind of overkill. Mimi > > Co-developed-by: Prakhar Srivastava <prsriva@linux.microsoft.com> > Signed-off-by: Prakhar Srivastava <prsriva@linux.microsoft.com> > Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com> > --- > arch/arm64/Kconfig | 1 + > arch/arm64/include/asm/kexec.h | 5 +++++ > 2 files changed, 6 insertions(+) > > diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig > index a6b5b7ef40ae..312b4d5ad232 100644 > --- a/arch/arm64/Kconfig > +++ b/arch/arm64/Kconfig > @@ -1095,6 +1095,7 @@ config KEXEC > config KEXEC_FILE > bool "kexec file based system call" > select KEXEC_CORE > + select HAVE_IMA_KEXEC if IMA > help > This is new version of kexec system call. This system call is > file based and takes file descriptors as system call argument > diff --git a/arch/arm64/include/asm/kexec.h b/arch/arm64/include/asm/kexec.h > index d24b527e8c00..2bd19ccb6c43 100644 > --- a/arch/arm64/include/asm/kexec.h > +++ b/arch/arm64/include/asm/kexec.h > @@ -100,6 +100,11 @@ struct kimage_arch { > void *elf_headers; > unsigned long elf_headers_mem; > unsigned long elf_headers_sz; > + > +#ifdef CONFIG_IMA_KEXEC > + phys_addr_t ima_buffer_addr; > + size_t ima_buffer_size; > +#endif > }; > > extern const struct kexec_file_ops kexec_image_ops;
On 1/12/21 3:28 PM, Mimi Zohar wrote: > Hi Lakshmi, > > On Mon, 2021-01-04 at 11:26 -0800, Lakshmi Ramasubramanian wrote: >> Address and size of the buffer containing the IMA measurement log need >> to be passed from the current kernel to the next kernel on kexec. >> >> Any existing "linux,ima-kexec-buffer" property in the device tree >> needs to be removed and its corresponding memory reservation in >> the currently running kernel needs to be freed. The address and >> size of the current kernel's IMA measurement log need to be added >> to the device tree's IMA kexec buffer node and memory for the buffer >> needs to be reserved for the log to be carried over to the next kernel >> on the kexec call. >> >> Add address and size fields to "struct kimage_arch" for ARM64 platform >> to hold the address and size of the IMA measurement log buffer. Remove >> any existing "linux,ima-kexec-buffer" property in the device tree and >> free the corresponding memory reservation in the currently running >> kernel. Add "linux,ima-kexec-buffer" property to the device tree and >> reserve the memory for storing the IMA log that needs to be passed from >> the current kernel to the next one. >> >> Update CONFIG_KEXEC_FILE to select CONFIG_HAVE_IMA_KEXEC to indicate >> that the IMA measurement log information is present in the device tree >> for ARM64. > > Perhaps for some previous version of this patch set, this patch > description was appropriate, but for the code below it's kind of > overkill. > I agree Mimi. Will edit the patch description. thanks, -lakshmi >> >> Co-developed-by: Prakhar Srivastava <prsriva@linux.microsoft.com> >> Signed-off-by: Prakhar Srivastava <prsriva@linux.microsoft.com> >> Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com> >> --- >> arch/arm64/Kconfig | 1 + >> arch/arm64/include/asm/kexec.h | 5 +++++ >> 2 files changed, 6 insertions(+) >> >> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig >> index a6b5b7ef40ae..312b4d5ad232 100644 >> --- a/arch/arm64/Kconfig >> +++ b/arch/arm64/Kconfig >> @@ -1095,6 +1095,7 @@ config KEXEC >> config KEXEC_FILE >> bool "kexec file based system call" >> select KEXEC_CORE >> + select HAVE_IMA_KEXEC if IMA >> help >> This is new version of kexec system call. This system call is >> file based and takes file descriptors as system call argument >> diff --git a/arch/arm64/include/asm/kexec.h b/arch/arm64/include/asm/kexec.h >> index d24b527e8c00..2bd19ccb6c43 100644 >> --- a/arch/arm64/include/asm/kexec.h >> +++ b/arch/arm64/include/asm/kexec.h >> @@ -100,6 +100,11 @@ struct kimage_arch { >> void *elf_headers; >> unsigned long elf_headers_mem; >> unsigned long elf_headers_sz; >> + >> +#ifdef CONFIG_IMA_KEXEC >> + phys_addr_t ima_buffer_addr; >> + size_t ima_buffer_size; >> +#endif >> }; >> >> extern const struct kexec_file_ops kexec_image_ops; >
Lakshmi Ramasubramanian <nramas@linux.microsoft.com> writes: > Address and size of the buffer containing the IMA measurement log need > to be passed from the current kernel to the next kernel on kexec. > > Any existing "linux,ima-kexec-buffer" property in the device tree > needs to be removed and its corresponding memory reservation in > the currently running kernel needs to be freed. The address and > size of the current kernel's IMA measurement log need to be added > to the device tree's IMA kexec buffer node and memory for the buffer > needs to be reserved for the log to be carried over to the next kernel > on the kexec call. > > Add address and size fields to "struct kimage_arch" for ARM64 platform > to hold the address and size of the IMA measurement log buffer. Remove > any existing "linux,ima-kexec-buffer" property in the device tree and > free the corresponding memory reservation in the currently running > kernel. Add "linux,ima-kexec-buffer" property to the device tree and > reserve the memory for storing the IMA log that needs to be passed from > the current kernel to the next one. > > Update CONFIG_KEXEC_FILE to select CONFIG_HAVE_IMA_KEXEC to indicate > that the IMA measurement log information is present in the device tree > for ARM64. > > Co-developed-by: Prakhar Srivastava <prsriva@linux.microsoft.com> > Signed-off-by: Prakhar Srivastava <prsriva@linux.microsoft.com> > Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com> > --- > arch/arm64/Kconfig | 1 + > arch/arm64/include/asm/kexec.h | 5 +++++ > 2 files changed, 6 insertions(+) Reviewed-by: Thiago Jung Bauermann <bauerman@linux.ibm.com>
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index a6b5b7ef40ae..312b4d5ad232 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -1095,6 +1095,7 @@ config KEXEC config KEXEC_FILE bool "kexec file based system call" select KEXEC_CORE + select HAVE_IMA_KEXEC if IMA help This is new version of kexec system call. This system call is file based and takes file descriptors as system call argument diff --git a/arch/arm64/include/asm/kexec.h b/arch/arm64/include/asm/kexec.h index d24b527e8c00..2bd19ccb6c43 100644 --- a/arch/arm64/include/asm/kexec.h +++ b/arch/arm64/include/asm/kexec.h @@ -100,6 +100,11 @@ struct kimage_arch { void *elf_headers; unsigned long elf_headers_mem; unsigned long elf_headers_sz; + +#ifdef CONFIG_IMA_KEXEC + phys_addr_t ima_buffer_addr; + size_t ima_buffer_size; +#endif }; extern const struct kexec_file_ops kexec_image_ops;